
Summary
This detection rule, authored by Elastic, identifies potentially suspicious web requests made to a web application server that do not include an identifiable user agent string. User agents normally carry information about the requesting client, including the type of device and browser used. While legitimate web requests almost always include a user agent, certain applications or scripts omit it. A missing user agent can signal unusual behavior, especially when the source of the request is unexpected or the request is made by an unauthorized user. The rule uses KQL (Kibana Query Language) to filter web application transaction logs in the specified indexes (apm-*-transaction* and traces-apm*) for requests where the user agent field does not exist, raising an alert when such cases are detected, with a risk score of 47 and a severity of medium.
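As an added example (not Elastic's rule code), the rule's core condition replayed in Python over constructed APM events: in-scope index, transaction document, no user agent field. The `processor.event` check and the handling of flattened versus nested field names are assumptions about how the documents are shaped.

```python
from fnmatch import fnmatch
from typing import Any, Dict, List, Optional, Tuple

RISK_SCORE = 47            # values stated for the rule on this page
SEVERITY = "medium"
INDEX_PATTERNS = ("apm-*-transaction*", "traces-apm*")

def get_field(doc: Dict[str, Any], path: str) -> Any:
    """Resolve an ECS dotted path against a flattened ({'a.b': 1}) or nested ({'a': {'b': 1}}) document."""
    if path in doc:
        return doc[path]
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def evaluate(index: str, doc: Dict[str, Any], treat_empty_as_missing: bool = False) -> Optional[Dict[str, Any]]:
    """Return an alert dict when the document satisfies the rule, else None."""
    if not any(fnmatch(index, p) for p in INDEX_PATTERNS):
        return None                                   # index outside the rule's scope
    if get_field(doc, "processor.event") != "transaction":   # assumption: APM tags transactions this way
        return None                                   # spans/errors/metrics in traces-apm* are not web requests
    ua = get_field(doc, "user_agent.original")
    # The rule checks that the field does not exist; an empty string is still an existing value,
    # so it is flagged only when the caller opts in (a caveat worth knowing when clients send a blank header).
    if ua is None or (treat_empty_as_missing and ua == ""):
        return {"risk_score": RISK_SCORE, "severity": SEVERITY,
                "client_ip": get_field(doc, "client.ip"), "url": get_field(doc, "url.full")}
    return None

# Constructed sample events (index name, document), not real traffic.
SAMPLE_EVENTS: List[Tuple[str, Dict[str, Any]]] = [
    ("apm-7.17.0-transaction-000001", {"processor": {"event": "transaction"},
        "user_agent": {"original": "Mozilla/5.0"}, "client": {"ip": "10.0.0.5"}, "url": {"full": "https://shop.example/cart"}}),
    ("traces-apm-default", {"processor.event": "transaction", "client.ip": "10.0.0.9",
        "url.full": "https://shop.example/admin"}),                       # no user agent at all
    ("traces-apm-default", {"processor.event": "span", "client.ip": "10.0.0.9"}),   # span, not a request
    ("logs-nginx.access-default", {"url.full": "https://shop.example/"}),          # out-of-scope index
    ("apm-7.17.0-transaction-000001", {"processor.event": "transaction", "user_agent.original": "",
        "client.ip": "10.0.0.7", "url.full": "https://shop.example/health"}),     # blank header value
]

def run(events=SAMPLE_EVENTS, treat_empty_as_missing: bool = False) -> List[Dict[str, Any]]:
    return [a for idx, doc in events if (a := evaluate(idx, doc, treat_empty_as_missing)) is not None]

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Only the `/admin` transaction with no user agent field fires by default; the blank-header event fires only with `treat_empty_as_missing=True`.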
Categories
- Web
- Application
Data Sources
- Web Credential
- Network Traffic
- Application Log
Created: 2020-02-18